CVE-2026-34379

HIGH

CVSS v3.1: 7.1 · EPSS: 0.0027 (18.7 percentile)

NetworkNo privilegesOut-of-bounds WriteVendor advisory ref

Source data as of:

At a glance

Severity
HIGH
CVSS
7.1 v3.1 · NVD
EPSS
0.0027 (18.7 percentile) · FIRST.org
CISA KEV
No
Type
Out-of-bounds Write · NVD CWE
Attack conditions (CVSS vector)
NetworkNo privileges · Source: NVD Vector
Affected vendors
openexr
Published
2026-04-06 · Modified: 2026-06-30
References
Jump to references (7)

CVSS / EPSS / KEV

CVSS v3.1 7.1 / 10 HIGH Source: NVD
EPSS 0.0027 18.7 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoder_execute() in src/lib/OpenEXRCore/internal_dwa_decoder.h:749. When decoding a DWA or DWAB-compressed EXR file containing a FLOAT-type channel, the decoder performs an in-place HALF→FLOAT conversion by casting an unaligned uint8_t * row pointer to float * and writing through it. Because the row buffer may not be 4-byte aligned, this constitutes undefined behavior under the C standard and crashes immediately on architectures that enforce alignment (ARM, RISC-V, etc.). On x86 it is silently tolerated at runtime but remains exploitable via compiler optimizations that assume aligned access. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9.

Record details

CVE ID
CVE-2026-34379
CVSS (v3.1)
7.1 (HIGH)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Exploitability subscore
2.8
Impact subscore
4.2
EPSS
0.0027 (18.7 percentile) — 2026-06-30
CISA KEV
No
Weakness (CWE)
CWE-704, CWE-787, CWE-843, CWE-475
Affected vendors
openexr
Affected configurations (CPE)
3
Published
2026-04-06
Modified
2026-06-30
Status
Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same affected vendor

CVE-2026-42216 CRITICAL CVSS 9.1 CVE-2026-41142 HIGH CVSS 8.8 CVE-2026-27622 HIGH CVSS 7.8 CVE-2026-34588 HIGH CVSS 7.8

Same weakness type (CWE)

CVE-2025-1057 MEDIUM CVSS 4.3 CVE-2024-12084 CRITICAL CVSS 9.8 CVE-2026-21413 CRITICAL CVSS 9.8 CVE-2026-22853 CRITICAL CVSS 9.8

Published the same year

CVE-2026-0881 CRITICAL CVSS 10.0 CVE-2026-2760 CRITICAL CVSS 10.0 CVE-2026-2761 CRITICAL CVSS 10.0 CVE-2026-2768 CRITICAL CVSS 10.0
← Back to all records